CVE-2011-5135 in DoceboLMSinfo

Summary

Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsible

Reservation

08/30/2012

Disclosure

08/30/2012

Moderation

VulDB entry created

Entries

VDB-61954

CPE

ready

CWE

CWE-89 (Confirmed)

Exploit

Download

CVSS

6.3

EPSS

0.00802

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-5135
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-5135
CVE Details	https://www.cvedetails.com/cve/CVE-2011-5135/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!